My E-Mail Situation
I’ve never been content to just have a regular old e-mail address. In an effort to foil spammers, I’ve tried a number of different schemes. The entry is to discuss my current method.
General Flow
- All e-mail coming in to this domain that doesn’t go to a specific e-mail account is routed into one e-mail account (a “catchall” address).
- SpamArrest checks this address every 2 minutes.
- If the sender is known, the e-mail passes.
- If the “To:” address is whitelisted, the e-mail passes.
- Otherwise, the sender gets an automated reply that requires them to verify their humanity.
- E-mail that passes SpamArrest is forwarded to two places: an archive e-mail box, and my GMail account.
- I check my e-mail through GMail’s POP3 access when I’m on my computer, and on the GMail website when I’m away.
Subaddresses
Whenever some site needs an e-mail address, I don’t provide them with my direct address, but instead give them a “subaddress.” For instance: myname.ebay@mydomain.com I then will whitelist that “To:” address on SpamArrest using the “Mailing List” feature.
This e-mail will get routed to my main account and be checked by SpamArrest. As long as the “To:” address is on my SpamArrest whitelist, the e-mail will pass, no matter who sends it. That is, the autoreply “verify your humanity” e-mail will never be sent to anyone using this particular address.
This gives me the benefit of disposability — the ability to “quarantine” my e-mail into separate subaddresses that can be shut off, if need be. Say that I sign up for an account at WebsiteX. I give them mark.websitex@mydomain.com as my e-mail address and whitelist it in SpamArrest. Then, one day, I see a spam in my inbox. A quick look at the “To:” address tells me who sold me out. I promptly set my server to block all e-mails set to mark.websitex@mydomain.com and I don’t have to worry about my e-mail address being “out there.” That’s the problem with giving people or sites your main address… once spammers get a hold of it… game over, man.
This requires a bit of work, obviously. Every time I “create” a new e-mail subaddress, I have to take 10 seconds or so to whitelist it in SpamArrest. I think, however, that it is worth it, in the end. I’ve had 3 subaddresses become compromised, which means that’s 3 times that my main e-mail address could have been compromised, but wasn’t. E-mail spam simply isn’t a problem for me… and that’s a big relief. I do worry sometimes that the whole auto-reply e-mail thing is burdensome to people, but you have to realize that it’s very rare that it gets used.
- All outgoing mail that I send goes through SpamArrest’s SMTP server, and is automatically whitelisted.
- I rarely give out my main e-mail address (i.e. I usually give a whitelisted subaddress)
Really, the only times that it is triggered is if someone gives my main address to someone else, or if someone I know changes their e-mail address.
So that’s how I’m doing it. If you have your own server, and the benefit of a “catchall” address, I strongly recommend the use of “subaddresses”… it’s a technique that works.
